Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training Security Vulnerabilities

wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-nri-kube-events, k8sgpt, external-dns, fulcio, istio-operator, grype, litefs, prometheus-elasticsearch-exporter, rabbitmq-messaging-topology-operator, spicedb, thanos-operator, pulumi-language-dotnet,...

7.5AI Score

2024-05-28 09:07 PM
128
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

6.5AI Score

0.0004EPSS

2024-05-28 09:07 PM
143
wolfi

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: external-dns, fulcio, istio-operator, grype, nats-server, libssh2, prometheus-postgres-exporter, caddy, vault-csi-provider, flux-helm-controller, istio-pilot-discovery, sigstore-scaffolding, cortex, terragrunt, argo-cd, step, dgraph, kubernetes, node-problem-detector,....

7AI Score

0.962EPSS

2024-05-28 09:07 PM
117
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: k8sgpt, litefs, thanos-operator, prometheus-elasticsearch-exporter, swagger, pulumi-language-dotnet, kubebuilder, runc, flux-helm-controller, pulumi-kubernetes-operator, cortex, step, kine, bincapz, loki, melange, memcached-exporter, nri-redis, helm-push,...

7AI Score

0.0004EPSS

2024-05-28 09:07 PM
39
wolfi

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: regclient, grafana-rollout-operator, kubernetes-csi-driver-hostpath, kubernetes-ingress-defaultbackend, k8sgpt, external-dns, fulcio, istio-operator, kind, nats-server, s5cmd, spicedb, pulumi-language-dotnet, caddy, kubebuilder, vt-cli,...

6.5AI Score

0.0004EPSS

2024-05-28 09:07 PM
9
wolfi

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: regclient, grafana-rollout-operator, kubernetes-csi-driver-hostpath, kubernetes-ingress-defaultbackend, k8sgpt, external-dns, fulcio, istio-operator, kind, nats-server, s5cmd, spicedb, pulumi-language-dotnet, caddy, kubebuilder, vt-cli,...

7.5AI Score

2024-05-28 09:07 PM
7
wolfi

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: k8sgpt, external-dns, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, vault-csi-provider, kubernetes-csi-external-provisioner, runc, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding,...

6.5AI Score

0.001EPSS

2024-05-28 09:07 PM
86
wolfi

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: k8sgpt, k3s, skaffold, cri-tools, kubeflow-katib, crane, newrelic-infrastructure-agent, prometheus, cert-manager, kubevela, cosign, flux-helm-controller, argo-workflows, istio-pilot-discovery, bom, datadog-agent, falcoctl, timoni, zarf, slsa-verifier,...

7.8AI Score

0.001EPSS

2024-05-28 09:07 PM
24
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-nri-kube-events, k8sgpt, external-dns, fulcio, istio-operator, grype, litefs, prometheus-elasticsearch-exporter, rabbitmq-messaging-topology-operator, spicedb, thanos-operator, pulumi-language-dotnet,...

6.7AI Score

0.0004EPSS

2024-05-28 09:07 PM
21
wolfi

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

6.5AI Score

0.0004EPSS

2024-05-28 09:07 PM
31
wolfi

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

7.5AI Score

2024-05-28 09:07 PM
21
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: k8sgpt, litefs, thanos-operator, prometheus-elasticsearch-exporter, swagger, pulumi-language-dotnet, kubebuilder, runc, flux-helm-controller, pulumi-kubernetes-operator, cortex, step, kine, bincapz, loki, melange, memcached-exporter, nri-redis, helm-push,...

7.5AI Score

2024-05-28 09:07 PM
16
wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: regclient, grafana-rollout-operator, kubernetes-csi-driver-hostpath, kubernetes-ingress-defaultbackend, k8sgpt, external-dns, fulcio, istio-operator, kind, nats-server, s5cmd, spicedb, pulumi-language-dotnet, caddy, kubebuilder, vt-cli,...

7.5AI Score

2024-05-28 09:07 PM
16
wolfi

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: kubernetes-ingress-defaultbackend, k8sgpt, external-dns, istio-operator, kind, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, caddy, vault-csi-provider, kubernetes-csi-external-provisioner, runc,...

8.2AI Score

0.002EPSS

2024-05-28 09:07 PM
43
wolfi

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: pulumi-language-yaml, boring-registry, skaffold, flux-image-automation-controller, pulumi-language-dotnet, rclone, wolfictl, kubevela, cosign, actions-runner-controller, pulumi-kubernetes-operator, zarf, flux-kustomize-controller, terragrunt, argo-cd, slsa-verifier,...

7.5AI Score

2024-05-28 09:07 PM
37
wolfi

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

7.5AI Score

2024-05-28 09:07 PM
15
wolfi

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

7.5AI Score

2024-05-28 09:07 PM
16
wolfi

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

7.5AI Score

2024-05-28 09:07 PM
14
wolfi

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: k8sgpt, external-dns, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, vault-csi-provider, kubernetes-csi-external-provisioner, runc, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding,...

7.5AI Score

2024-05-28 09:07 PM
20
wolfi

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: kubernetes-ingress-defaultbackend, k8sgpt, external-dns, istio-operator, kind, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, caddy, vault-csi-provider, kubernetes-csi-external-provisioner, runc,...

7.5AI Score

2024-05-28 09:07 PM
13
wolfi

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: external-dns, fulcio, istio-operator, grype, nats-server, libssh2, prometheus-postgres-exporter, caddy, vault-csi-provider, flux-helm-controller, istio-pilot-discovery, sigstore-scaffolding, cortex, terragrunt, argo-cd, step, dgraph, kubernetes, node-problem-detector,....

7.5AI Score

2024-05-28 09:07 PM
37
wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

6.5AI Score

0.0004EPSS

2024-05-28 09:07 PM
14
wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

7.5AI Score

2024-05-28 09:07 PM
15
wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

6.5AI Score

0.0004EPSS

2024-05-28 09:07 PM
12
wolfi

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: regclient, grafana-rollout-operator, kubernetes-csi-driver-hostpath, kubernetes-ingress-defaultbackend, k8sgpt, external-dns, fulcio, istio-operator, kind, nats-server, s5cmd, spicedb, pulumi-language-dotnet, caddy, kubebuilder, vt-cli,...

6.5AI Score

0.0004EPSS

2024-05-28 09:07 PM
6
wolfi

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: k8sgpt, k3s, skaffold, cri-tools, kubeflow-katib, crane, newrelic-infrastructure-agent, prometheus, cert-manager, kubevela, cosign, flux-helm-controller, argo-workflows, istio-pilot-discovery, bom, datadog-agent, falcoctl, timoni, zarf, slsa-verifier,...

7.5AI Score

2024-05-28 09:07 PM
7
wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

6.5AI Score

0.0004EPSS

2024-05-28 09:07 PM
14
github

SimpleSAMLphp Reflected Cross-site Scripting vulnerability

Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....

6AI Score

2024-05-28 08:55 PM
1
krebs

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

7.3AI Score

2024-05-28 08:38 PM
2
cvelist

CVE-2024-28060

An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is...

7.7AI Score

2024-05-28 07:56 PM
2
cvelist

CVE-2022-45171

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without...

7AI Score

2024-05-28 07:23 PM
2
cvelist

CVE-2023-43849

Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code...

7.8AI Score

2024-05-28 06:19 PM
1
github

Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minder's sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...

6.7AI Score

2024-05-28 04:55 PM
1
github

rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter

Summary The next ruby code is vulnerable to denial of service due to the fact that the user controlled data profiler_runs was not constrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). ruby runs =...

7AI Score

2024-05-28 03:48 PM
3
github

OpenAPI Generator Online - Arbitrary File Read/Delete

Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...

6.7AI Score

2024-05-28 03:47 PM
4
cvelist

CVE-2024-35621

A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content...

5.9AI Score

2024-05-28 03:40 PM
3
hackread

INE Security Enables CISOs to Secure Board Support for Cybersecurity Training

By Cyber Newswire Cary, United States, 28th May 2024, CyberNewsWire This is a post from HackRead.com Read the original post: INE Security Enables CISOs to Secure Board Support for Cybersecurity...

7.2AI Score

2024-05-28 01:33 PM
redhat

(RHSA-2024:3431) Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126) rubygem-rack: Possible DoS Vulnerability with Range Header in Rack...

6.9AI Score

0.0004EPSS

2024-05-28 01:22 PM
redhatcve

CVE-2024-3657

A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria...

6.7AI Score

2024-05-28 12:52 PM
redhatcve

CVE-2024-2199

A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying userPassword using malformed input. Mitigation Mitigation for this issue is either not available or the currently available options don't meet.....

6.4AI Score

2024-05-28 12:03 PM
4
schneier

Lattice-Based Cryptosystems and Quantum Cryptanalysis

Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...

7.2AI Score

2024-05-28 11:09 AM
4
securelist

Trusted relationship attacks: trust, but verify

IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...

7.8AI Score

2024-05-28 10:00 AM
5
nuclei

Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API...

6.6AI Score

0.002EPSS

2024-05-28 07:45 AM
3
veracode

URL Injection

silverstripe/framework is vulnerable to a URL Injection vulnerability. The vulnerability is due to improper encoding of entities in the URL string, specifically in requests coming from Internet Explorer, which allows malicious JavaScript code to be directly inserted into the output content by...

7.4AI Score

2024-05-28 06:06 AM
cve

CVE-2024-32944

Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be...

7.3AI Score

2024-05-28 03:15 AM
5
cve

CVE-2024-28886

OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be...

7.8AI Score

2024-05-28 03:15 AM
5
cvelist

CVE-2024-28886

OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be...

7.6AI Score

2024-05-28 03:11 AM
4
cvelist

CVE-2024-32944

Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be...

7.1AI Score

2024-05-28 03:11 AM
4
nuclei

MStore API < 3.9.8 - SQL Injection

The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id...

7.7AI Score

0.001EPSS

2024-05-28 02:08 AM
2
cve

CVE-2024-28880

Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...

6.9AI Score

2024-05-28 12:15 AM
7
Total number of security vulnerabilities: 418568